Rebuild SVG use element shadow tree lazily. Mark SVGElementInstance with the "needsUpdate" flag.
Next time SVGUseElement::recalcStyle is invoked (ie. via Document::updateDocumentsRendering()) the
use tree is rebuild.

Make SVGElementInstance a real EventTarget, as the SVG specification demands.
When dispatching events to a shadow tree element of a use element, the associated SVGElementInstance
is used as event target. The SVGElementInstance, the shadow tree element and the corresponding element
share an event listener list. Every event listener change on the SVGElementInstance object is forwared
to the corresponding element. Each change marks the SVGElementInstance tree dirty, and causes a reclone.
Each event listener defined via attributes (onclick/onkeydown/...) is copied from the correspondingElement
to the shadow tree element - through the cloneNode calls - if the use element's shadow tree gets rebuild.
Each listener, dynamically created using addEventListener, gets copied to the corersponding element as well.

Now that the target/currentTarget properties of the Events are correct, event bubbling works as expected,
see resources/use-instanceRoot-event-bubbling.js for details.

Add CallFrame as a synonym for ExecState. Arguably, some day we should switch every
client over to the new name.

Use CallFrame* consistently rather than Register* or ExecState* in low-level code such
as Machine.cpp and CTI.cpp. Similarly, use callFrame rather than r as its name and use
accessor functions to get at things in the frame.

Eliminate other uses of ExecState* that aren't needed, replacing in some cases with
JSGlobalData* and in other cases eliminating them entirely.

Add CallFrame as a synonym for ExecState. Arguably, some day we should switch every
client over to the new name.

Use CallFrame* consistently rather than Register* or ExecState* in low-level code such
as Machine.cpp and CTI.cpp. Similarly, use callFrame rather than r as its name and use
accessor functions to get at things in the frame.

Eliminate other uses of ExecState* that aren't needed, replacing in some cases with
JSGlobalData* and in other cases eliminating them entirely.

bindings/objc/DOM.mm: Remove previous category implementations
on DOMDocument for createNodeIterator: and createTreeWalker:. Also
moves ObjCNodeFilterCondition to its own file.

bindings/objc/DOMTraversal.h: Remove the category methods that added
createNodeIterator: and createTreeWalker: to DOMDocument. This is fine
to do since DOmDocument.h is included still, and has these methods.

bindings/objc/DOMUtility.mm:
(JSC::createDOMWrapper): Remove special case for JSNodeIterator and
JSTreeWalker now that the ObjC binding conforms to the standard wrap.

bindings/objc/ObjCNodeFilterCondition.h: Split out from DOM.mm.
(WebCore::ObjCNodeFilterCondition::create): Moved from DOM.mm.
(WebCore::ObjCNodeFilterCondition::ObjCNodeFilterCondition): Ditto.

bindings/objc/ObjCNodeFilterCondition.mm: Split out from DOM.mm.
(WebCore::ObjCNodeFilterCondition::acceptNode): Moved from DOM.mm.

bindings/objc/PublicDOMInterfaces.h: Add the createNodeIterator: and
createTreeWalker: methods to DOMDocument.

bindings/scripts/CodeGeneratorObjC.pm:
(GetObjCTypeGetter): Add a case for NodeFilter.
(AddIncludesForType): Include ObjCNodeFilterCondition.h for NodeFilter.
(GenerateImplementation): Remove existing NodeFilter special case that
used the m_filter member variable. Add a new special getter for protocol
types that aren't EventTarget, so the right class is used for NodeFilter.
Add a special case for NodeFilter where it creates an ObjCNodeFilterCondition.

dom/Document.idl: Remove the #ifdef LANGUAGE_OBJECTIVE_C. Add the
OldStyleObjC extended attribute to createNodeIterator and createTreeWalker.
Rename the entityReferenceExpansion parameter to expandEntityReferences to
match the previous ObjC API.

dom/NodeIterator.idl: Remove ObjCIvar from the filter attribute. The
m_filter member variable was never used in practice, it was always nil!
We can remove it and not pad the object because this can't be subclassed.

bindings/objc/DOM.mm: Remove many unneeded header includes. Move
ObjCEventListener to it's own file. Remove the manual impelmentations
of the DOMEventTarget protocol for DOMNode and DOMSVGElementInstance.

bindings/objc/DOMEvents.h: Remove the categories that defined
DOMEventTarget for DOMNode and DOMSVGElementInstance.

bindings/objc/ObjCEventListener.h: Split out from DOM.mm.

bindings/objc/ObjCEventListener.mm: Split out from DOM.mm.
(WebCore::ObjCEventListener::find): Moved from DOM.mm.
(WebCore::ObjCEventListener::wrap): Use PassRefPtr to prevent the
callers from doing a manual deref.
(WebCore::ObjCEventListener::ObjCEventListener): Moved from DOM.mm.
(WebCore::ObjCEventListener::~ObjCEventListener): Ditto.

bindings/scripts/CodeGeneratorObjC.pm:
(GetObjCTypeGetter): Add a case for EventListener and use WTF::getPtr.
(AddIncludesForType): Include ObjCEventListener.h for EventListener.
And include EventTargetSVGElementInstance.h for SVGElementInstance.
(GenerateHeader): Remove the check for multiple parents.
(GenerateImplementation): Remove the check for multiple parents. Remove
the @deprecatedFunctions array since deprecated methods get generated
into the main @interface now to work with protocols. Add support
for the EventTargetNodeCast extended attribute. Add support for
EventListener parameters.

dom/Node.idl: Define superclasses for ObjC so the implementation
and interface implement the DOMEventTarget protocol. Explicitly
specify Object as a superclass to use DOMEventTarget. Object will turn
into DOMObject. This is needed to take the code generator down the right
path of multiple super-classes as protocols. It is ObjC only for legacy
reasons. The event target methods are normally on NodeEventTarget, a
subclass of Node. But the ObjC API has never has this subclass and
they are on DOMNode.

Make sure short functions get included in ChangeLog output for git repositories

Reviewed by Dave Kilzer.

Scripts/prepare-ChangeLog:
(sub diffCommand): Pass -U0 to git diff so that each contiguous change
will get its own chunk without any surrounding context.
(sub extractLineRange): Use the line numbers from the chunk header
without modifying them now that they're accurate.

Add support to the Resources panel for queries like "#123", "foo #123",
"line: 123" and "foo line: 123". These will match the query limiting
the search only to the line specified. If only a line is specified,
the whole line is matched.

inspector/front-end/SourceFrame.js:
(WebInspector.SourceFrame.prototype.sourceRow): Don't return the last
row if the index is greater than the rows collection. Let it return
undefined by indexing out-of-bounds.

inspector/front-end/SourceView.js:
(WebInspector.SourceView.prototype.performSearch): Add support for
queries like "#123", "foo #123", "line: 123" and "foo line: 123".
Also match the whole query to the whole document in case there are
colors like "#333".

Make viewless WebKit update focused and active state when the window becomes and loses key.
The focus controller has been patched to understand that in viewless mode it can recur down and
update all of the frames, which is why this code works now when placed just on the WebView.

kjs/JSObject.h:
(JSC::JSObject::getDirect): Rename getOffset -> get
(JSC::JSObject::getDirectLocation): Rename getOffset -> get
(JSC::JSObject::putDirect): Use propertyStorageCapacity to determine whether
or not to resize. Also, since put now returns an offset (and thus
addPropertyTransition does also) setting of the PropertyStorageArray is
now done here.
(JSC::JSObject::transitionTo):

kjs/PropertyMap.cpp:
(JSC::PropertyMap::checkConsistency): PropertyStorageArray is no longer
passed in.
(JSC::PropertyMap::operator=): Copy the delete offsets vector.
(JSC::PropertyMap::put): Instead of setting the PropertyNameArray
explicitly, return the offset where the value should go.
(JSC::PropertyMap::remove): Instead of removing from the PropertyNameArray
explicitly, return the offset where the value should be removed.
(JSC::PropertyMap::get): Switch to using the stored offset, instead
of the implicit one.
(JSC::PropertyMap::insert):
(JSC::PropertyMap::expand): This is never called when m_table is null,
so remove that branch and add it as an assertion.
(JSC::PropertyMap::createTable): Consistency checks no longer take
a PropertyNameArray.
(JSC::PropertyMap::rehash): No need to rehash the PropertyNameArray
now that it is completely out of band.

kjs/PropertyMap.h:
(JSC::PropertyMapEntry::PropertyMapEntry): Store offset into PropertyNameArray.
(JSC::PropertyMap::get): Switch to using the stored offset, instead
of the implicit one.

kjs/StructureID.h:
(JSC::StructureID::propertyStorageCapacity): Add propertyStorageCapacity
which is the current capacity for the JSObjects PropertyStorageArray.
It starts at the JSObject::inlineStorageCapacity (currently 2), then
when it first needs to be resized moves to the JSObject::nonInlineBaseStorageCapacity
(currently 16), and after that doubles each time.

Use #if ENABLE(feature) where possible, and #if ENABLE_feature where
Platform.h is not available, in preference to #ifdef ENABLE_feature.
#ifdef is wrong now that features are disabled by #defining
ENABLE_feature to 0.

Added C++ forward declaration for the NSURLAuthenticationChallenge class
so that the m_currentMacChallenge variable doesn't cause a
compilation error when ResourceHandleInternal.h is included from a C++ file.
Fixes: ​https://bugs.webkit.org/show_bug.cgi?id=21411

VM/Machine.cpp:
(JSC::Machine::unwindCallFrame): Update ExecState while unwinding call frames;
it now matters more to have a still-valid ExecState, since dynamicGlobalObject
will make use of the ExecState's scope chain.

Use information from the parser to detect whether an activation is
needed or 'arguments' is used, and emit explicit instructions to tear
them off before op_ret. This allows a branch to be removed from op_ret
and simplifies some other code. This does cause a small change in the
behaviour of 'f.arguments'; it is no longer live when 'arguments' is not
mentioned in the lexical scope of the function.

It should now be easy to remove the OptionaCalleeActivation slot in the
call frame, but this will be done in a later patch.

The problem is that dynamicGlobalObject had become O(N) in number
of call frames, but unwinding the stack for an exception called it
for every call frame, resulting in O(N2) behavior for an
exception thrown from inside deep recursion.

Instead of doing it that way, stash the dynamic global object in JSGlobalData.

VM/Machine.cpp:
(JSC::DynamicGlobalObjectScope::DynamicGlobalObjectScope): Helper class to temporarily
store and later restore a dynamicGlobalObject in JSGlobalData.
(JSC::DynamicGlobalObjectScope::~DynamicGlobalObjectScope):
(JSC::Machine::execute): In each version, establish a DynamicGlobalObjectScope.
For ProgramNode, always establish set new dynamicGlobalObject, for FunctionBody and Eval,
only if none is currently set.

VM/Machine.h:

kjs/ExecState.h:

kjs/JSGlobalData.cpp:
(JSC::JSGlobalData::JSGlobalData): Ininitalize new dynamicGlobalObject field to 0.

kjs/JSGlobalData.h:

kjs/JSGlobalObject.h:
(JSC::ExecState::dynamicGlobalObject): Moved here from ExecState for benefit of inlining.
Return lexical global object if this is a globalExec(), otherwise look in JSGlobalData
for the one stashed there.

This patch does not yet remove the branch, but it does a bit of refactoring
so that a CodeGenerator now knows whether the associated CodeBlock will need
a full scope before doing any code generation. This makes it possible to emit
explicit tear-off instructions before every op_ret.

(1) A repatch offset offset changes due to an additional instruction to update SamplingTool state.
(2) Fix an incusion order problem due to ExecState changes.
(3) Change to a MACHINE_SAMPLING macro, use of exec should now be accessing global data.

If we hit a parsing boundary (end of a packet, etc) in the middle of a
<script> element when we are doing an incremental parse, we exit the
parser, and reenter later when more data is available. During this
reentry we incorrectly reset the scriptStartLineno to the current line
in the parser, which is now part way through the script element.

The solution is to track whether we are entering or reentering the parsing
of a script element. We do this simply by 0 checking scriptStartLineno,
and resetting it after we complete parsing of each script element.

De-obfuscate parseDataUrl() and fix regressions introduced in r35954.
This patch also fixes encoding support in escaped (non-Base64) data
URLs. All manual data URL tests now pass in both GLib and non-GLib
code paths.

WebCore.xcodeproj/project.pbxproj: Mark the inspector group as
not using tabs and a tab width of 8.

inspector/InspectorController.cpp:
(WebCore::addResourceSourceToFrame): Return a bool to report if the
source was added successfully or not.
(WebCore::addSourceToFrame): Ditto.

inspector/front-end/ScriptView.js:
(WebInspector.ScriptView.prototype.setupSourceFrameIfNeeded):
Return early if the InspectorController.addSourceToFrame fails.
Moved the delete of the _frameNeedsSetup property after that call so
if the source wasn't added it will be attempted again.

inspector/front-end/SourceView.js:
(WebInspector.SourceView.prototype.detach): Move a comment.
(WebInspector.SourceView.prototype.setupSourceFrameIfNeeded):
Don't check if the resource is finished or failed, just attempt
to add the source to the frame. WebCore has the source, but the
finished property hasn't been set yet. Return early if the
InspectorController.addSourceToFrame fails. Moved the delete
of the _frameNeedsSetup property after that call so if the source
wasn't added it will be attempted again.
(WebInspector.SourceView.prototype._resourceLoadingFinished):
Clear the _frameNeedsSetup and _sourceFrameSetup properties so
the source frame will we populated again now that the resource
load has finished.

10% faster on Richards; other v8 benchmarks faster too.
A wash on SunSpider.

This does the minimum necessary to get the speedup. Next step in
cleaning this up is to replace ExecState with a CallFrame class,
and be more judicious about when to pass a call frame and when
to pass a global data pointer, global object pointer, or perhaps
something else entirely.

VM/CTI.cpp: Remove the debug-only check of the exception in
ctiVMThrowTrampoline -- already checked in the code the trampoline
jumps to, so not all that useful. Removed the exec argument from
ctiTrampoline. Removed emitDebugExceptionCheck -- no longer needed.
(JSC::CTI::emitCall): Removed code to set ExecState::m_callFrame.
(JSC::CTI::privateCompileMainPass): Removed code in catch to extract
the exception from ExecState::m_exception; instead, the code that
jumps into catch will make sure the exception is already in eax.

VM/CTI.h: Removed exec from the ctiTrampoline. Also removed the
non-helpful "volatile". Temporarily left ARG_exec in as a synonym
for ARG_r; I'll change that on a future cleanup pass when introducing
more use of the CallFrame type.
(JSC::CTI::execute): Removed the ExecState* argument.

VM/Machine.cpp:
(JSC::slideRegisterWindowForCall): Removed the exec and
exceptionValue arguments. Changed to return 0 when there's a stack
overflow rather than using a separate exception argument to cut
down on memory accesses in the calling convention.
(JSC::Machine::unwindCallFrame): Removed the exec argument when
constructing a DebuggerCallFrame. Also removed code to set
ExecState::m_callFrame.
(JSC::Machine::throwException): Removed the exec argument when
construction a DebuggerCallFrame.
(JSC::Machine::execute): Updated to use the register instead of
ExecState and also removed various uses of ExecState.
(JSC::Machine::debug):
(JSC::Machine::privateExecute): Put globalData into a local
variable so it can be used throughout the interpreter. Changed
the VM_CHECK_EXCEPTION to get the exception in globalData instead
of through ExecState.
(JSC::Machine::retrieveLastCaller): Turn exec into a registers
pointer by calling registers() instead of by getting m_callFrame.
(JSC::Machine::callFrame): Ditto.
Tweaked exception macros. Made new versions for when you know
you have an exception. Get at global exception with ARG_globalData.
Got rid of the need to pass in the return value type.
(JSC::Machine::cti_op_add): Update to use new version of exception
macros.
(JSC::Machine::cti_op_pre_inc): Ditto.
(JSC::Machine::cti_timeout_check): Ditto.
(JSC::Machine::cti_op_instanceof): Ditto.
(JSC::Machine::cti_op_new_func): Ditto.
(JSC::Machine::cti_op_call_JSFunction): Optimized by using the
ARG values directly instead of through local variables -- this gets
rid of code that just shuffles things around in the stack frame.
Also get rid of ExecState and update for the new way exceptions are
handled in slideRegisterWindowForCall.
(JSC::Machine::cti_vm_compile): Update to make exec out of r since
they are both the same thing now.
(JSC::Machine::cti_op_call_NotJSFunction): Ditto.
(JSC::Machine::cti_op_init_arguments): Ditto.
(JSC::Machine::cti_op_resolve): Ditto.
(JSC::Machine::cti_op_construct_JSConstruct): Ditto.
(JSC::Machine::cti_op_construct_NotJSConstruct): Ditto.
(JSC::Machine::cti_op_resolve_func): Ditto.
(JSC::Machine::cti_op_put_by_val): Ditto.
(JSC::Machine::cti_op_put_by_val_array): Ditto.
(JSC::Machine::cti_op_resolve_skip): Ditto.
(JSC::Machine::cti_op_resolve_global): Ditto.
(JSC::Machine::cti_op_post_inc): Ditto.
(JSC::Machine::cti_op_resolve_with_base): Ditto.
(JSC::Machine::cti_op_post_dec): Ditto.
(JSC::Machine::cti_op_call_eval): Ditto.
(JSC::Machine::cti_op_throw): Ditto. Also rearranged to return
the exception value as the return value so it can be used by
op_catch.
(JSC::Machine::cti_op_push_scope): Ditto.
(JSC::Machine::cti_op_in): Ditto.
(JSC::Machine::cti_op_del_by_val): Ditto.
(JSC::Machine::cti_vm_throw): Ditto. Also rearranged to return
the exception value as the return value so it can be used by
op_catch.

kjs/DebuggerCallFrame.cpp:
(JSC::DebuggerCallFrame::functionName): Pass globalData.
(JSC::DebuggerCallFrame::evaluate): Eliminated code to make a
new ExecState.

kjs/DebuggerCallFrame.h: Removed ExecState argument from
constructor.

kjs/ExecState.h: Eliminated all data members and made ExecState
inherit privately from Register instead. Also added a typedef to
the future name for this class, which is CallFrame. It's just a
Register* that knows it's a pointer at a call frame. The new class
can't be constructed or copied. Changed all functions to use
the this pointer instead of m_callFrame. Changed exception-related
functions to access an exception in JSGlobalData. Removed functions
used by CTI to pass the return address to the throw machinery --
this is now done directly with a global in the global data.

kjs/JSGlobalData.h: Declare two new globals. One for the current
exception and another for the return address used by CTI to
implement the throw operation.

kjs/JSGlobalObject.cpp:
(JSC::JSGlobalObject::init): Removed code to set up globalExec,
which is now the same thing as globalCallFrame.
(JSC::JSGlobalObject::reset): Get globalExec from our globalExec
function so we don't have to repeat the logic twice.
(JSC::JSGlobalObject::mark): Removed code to mark the exception;
the exception is now stored in JSGlobalData and marked there.
(JSC::JSGlobalObject::globalExec): Return a pointer to the end
of the global call frame.

Adds support to the Web Inspector's Elements panel for fast tag name,
class name, id and attribute name searching. The panel first tries
using getElementById, getElementsByClassName and getElementsByTagName
with the search query. Then does a slower search using XPath for partial
matches, text and comment matches.

Adds support for search queries like "<div>", "<h" and "frame>".
These forms limit the search to tag names, text and comment matches.

Changes how searching works in the Web Inspector's Elements
panel. The search tasks are divided into chunks that are small
units of work that are performed at a time interval. This
change also prevents queries that will select all elements,
since that isn't useful.

page/inspector/ElementsPanel.js:
(WebInspector.ElementsPanel.prototype.searchCancled):
Remove the searchResultsProperty form results since there might
be an unfinished search.
(WebInspector.ElementsPanel.prototype.performSearch): Divide the
documents and search functions into chunks that are performed on
a interval of 25ms. Prevent searches for "*" and "*".

I changed things so that functions which use "this" do a fast
version of toThisObject conversion if needed. Currently we miss
the conversion entirely, at least for primitive types. Using
TypeInfo and the primitive check, I made the fast case bail out
pretty fast.

This is inexplicably an 1.007x SunSpider speedup (and a wash on V8 benchmarks).